Https login fails on shared but work perfectly for the /alfresco admin and IOS app

Keywords: Alfresco - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
Description:
I am writing for help as I literally spent the last 24 hours trying to trouble shoot my install. I started with a clean install from G.Cloud bitnami Alfresco which worked perfectly.
I uploaded 3 GB of documents, created users and workflows… everything great.

I then tried to install HTTPS/SSL by following the instructions in the Bitnami Alfresco Documentation: Fail.
I thought I would master the beast by using Certbot: Big mistake:, that screwed up my install and I ended-up with the default debian index pages when calling up the url of the server.

Finally I used the Lego client. That worked! but… http requests are being rejected and port 80 remains closed.

https site works for IOS app access and /alfresco admin site but impossible to login to the /shared.

The Catalina log:

multiple Connection refused paragraphs starting with: 
webscripts.connector.RemoteClient] [ajp-apr-8009-exec-4] Error status 503 Connect to localhost:80 [localhost/127.0.0.1, localhost/0:0:0:
0:0:0:0:1] failed: Connection refused (Connection refused)

Netstat shows the following active ports: 22, 8100, 3306, 22, 443, 8443, 8005, 1445, 2025, 2121, 8009, 8080, and 1139.

I tried to modify server.xml from 8080 to 80 but catalina logs show that the port is already in use when tomcat starts up.

The SSL keys are installed in apache2 and work perfectly.
I don’t need ssl activated in tomcat.
but I am not sure of the correct parameters in server.xml…

Any help would be greatly appreciated.

Benjamin

Hi,

It looks like you installed the system apache2, could you confirm that you uninstalled it properly? This post may help:

Then, could you confirm that the services are running?

sudo /opt/bitnami/ctlscript.sh status

If not, then start the services

sudo /opt/bitnami/ctlscript.sh start

Hope it helps.

Best regards,

Javier J. Salmerón


Was my answer helpful? Click on :heart:

Hi Javier,
Thank you for your reply.
Yes, you where right, the system apache2 was running in parallel.
But that didn’t solve it all.
Finally I removed the forced HTTPS redirection from apps/alfresco/conf/httpd-prefix.conf and everything worked! Finally!
Only one problem remains:
When starting a document validation workflow the link sent out in the task assignment email points to the document and tasks using the port: 8080
The server refuses the connection attempts.
The open 8080 on G.Cloud FW is open.
Any suggestions?
Thank you very much for your help!!
Ben

Hi,

Good to know that part of the issues is solved :smiley: However, these 8080 links look weird to me, could it be related with the changes you performed here:

I tried to modify server.xml from 8080 to 80 but catalina logs show that the port is already in use when tomcat starts up.

In principle, the 8080 port should not be open, so the connection refused error is expected. Could you let us know the exact steps to reproduce the issue?

Best regards,

Javier J. Salmerón


Was my answer helpful? Click on :heart:

Hi Javier,
The server.xml is back to it’s original config. the port change was a test to see the log output at the time nothing worked.
The link is generated when a document validation is requested from a specific document in a site.
The validator receives an email with an assigned task and direct link to download the document.
Both URL’s contain the 8080 port. If I change the URL to 443 it works fine.
However that is not practical in a working environment unless you tell me which file to modify in order to generate https urls in that notification email.
Best regards,
Benjamin

Hi,

I found this link, which could be useful to you. Could you check it? It probably is a matter of changing the alfresco properties file.

https://community.alfresco.com/thread/207354-modifying-e-mail-notification-url

Hope it helps

Best regards,

Javier J. Salmerón


Was my answer helpful? Click on :heart:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.